Comment: Spine creases, wear to binding and pages from reading. May contain limited notes, underlining or highlighting that does affect the text. Possible ex library copy, thatâ€TMll have the markings and stickers associated from the library. Accessories such as CD, codes, toys, may not be included.

Malware Forensics: Investigating and Analyzing Malicious Code covers the complete process of responding to a malicious code incident. Written by authors who have investigated and prosecuted federal malware cases, this book deals with the emerging and evolving field of live forensics, where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss live forensics on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system. It is the first book detailing how to perform live forensic techniques on malicious code.

The book gives deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more. It explores over 150 different tools for malware incident response and analysis, including forensic tools for preserving and analyzing computer memory. Readers from all educational and technical backgrounds will benefit from the clear and concise explanations of the applicable legal case law and statutes covered in every chapter. In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.

This book is intended for system administrators, information security professionals, network personnel, forensic examiners, attorneys, and law enforcement working with the inner-workings of computer memory and malicious code.

* Winner of Best Book Bejtlich read in 2008!* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html* Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader.* First book to detail how to perform "live forensic" techniques on malicous code.* In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

Product description

Review

Details the complete process of responding to a malicious code incident

Synopsis

"Malware Forensics: Investigating and Analyzing Malicious Code" covers the emerging and evolving field of 'live forensics', where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss 'live forensics' on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system."Malware Forensics: Investigating and Analyzing Malicious Code" also devotes extensive coverage of the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics. Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code.Conversely, "Malware Forensics: Investigating and Analyzing Malicious Code" emphasizes the practical 'how-to' aspect of malicious code investigation, giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more.

In this book, authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader. It is the first book to detail how to perform 'live forensic' techniques on malicous code. In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.
See all Product description

There was a problem filtering reviews right now. Please try again later.

I have had this book for about 2 years now. It is getting a bit out of date. The methodologies provided are sound but the areas covered are pretty basic and the tools are far from the best available. Much of the information is available online for free. I would recommend it to anyone who is just getting into the field of computer forensics but it will not help a professional in this field.

For a positive this book does cover a lot more than traditional windows hard disk forensics. It has methodologies for Windows and Linux Based incident response, Live Analysis, Memory analysis and hard disk analysis.

This should really be worthy of 3.5 stars but as its not worth 4 I'm sticking with 3.

Most helpful customer reviews on Amazon.com

4.0 out of 5 starsin the hopes of being able to better understand and protect against Malware

5 January 2015 - Published on Amazon.com

Verified Purchase

I bought this book, along with several others, in the hopes of being able to better understand and protect against Malware. I have not finished the book at the time I am writing this review, I can say from what I have read, this book has proven to be valuable in helping understand how to detect Malware. I would recommend this book to anyone who is a beginner to Malware Forensics. People who have some experience or are experienced in Malware Forensics, I cannot say how useful this book would be to them.

Malware Forensics is an awesome book. Last year Syngress published Harlan Carvey's 5-star Windows Forensic Analysis, and now we get to enjoy this new title by James Aquilina, Eoghan Casey, and Cameron Malin, plus technical editing by Curtis Rose. I should disclose that I co-wrote a forensics book with Curtis Rose, and I just delivered a guest lecture in a class taught by Eoghan Casey. However, I still call books as I see them, regardless of the author. (Check out my review of Security Sage's Guide to Hardening the Network Infrastructure for proof.) I can confidently say that anyone interested in learning how to analyze malware, or perform incident response, will benefit from reading Malware Forensics.

I imagine that code-savvy investigators probably don't need to read Malware Forensics. However, this is not a book for newbies. The target audience includes those doing intrusion analysis on Windows and Linux who want to focus directly on examining malicious code. An investigator whose world revolves around reviewing hard drives with EnCase will probably not understand Malware Forensics. An investigator who needs guidance on identifying and then understanding malware will definitely like this book.

The front cover emphasizes the book's "practical, hands-on" nature. I admit that I tried to follow along in many parts, usually by retrieving various Windows tools to try on malware caught in my spam folder. I do not expect the reader to become an expert in any one area of analysis, but I do applaud the authors for exposing readers to just about every aspect of malware analysis you might expect. The book uses large and small cases, multiple sample analyses, and extensive tool output to guide readers. Even the legal chapter covers the questions most of us are likely to ask.

Furthermore, how often does one read an introduction (through p xxxvi) that is educational? I loved the points about DNA tests destroying evidence and the discussion of what is "forensically sound" on p xxv, and the mention of "evidence dynamics" on p xxvi. I got the sense the authors were real forensics experts, not strictly malware geeks. The citing of non-infosec sources when making points showed me they understood the big picture (p xxxi). They also cited their tools with footnotes and URLs, and included chapter end-notes.

I found very little to complain about in this book. I noticed awkward placement of commas in chapters 3 and 8. A copyeditor could have removed those. From what I can see, the authors appreciated Curtis Rose's involvement. Syngress should observe the value of an editor who seriously reviews the text. (The last page of the book even includes errata that couldn't make it into the previous text!)

I am seriously considering Malware Forensics as my Best Book Bejtlich Read in 2008. If it doesn't win (stay tuned for announcements at the end of December) Malware Forensics will be one of the top four for the year.

I had been searching for a reference guide to help my company deal with some network anomalies and was recommended this book from a colleague.

Pros: Let me begin first by saying this is a very down-in-the-dirt detailed book and has certainly earned its spot on my desk. The book shows you not only how to pick your malware apart (I'm all about details and am the type of person that will want to know exactly what a piece of code did), but also how you could use the information you find to prosecute those pesky haxors. Like "uke92," I also liked the "alternative tools text boxes," as it allows me to play/shop around with all the tools available out there.

Cons:I would have liked to see this book broken up into two as I deal primarily with Windows systems. That way, I might have saved a few bucks. Other than that, can't wait to see what these guys put out next.